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and said generator being a point P on said elliptic curve. 

14. A method as defined in claim 1. said second correspondent being a key 
distribution server. 

5 

15. A method as defined in claim 1, said first correspondent being a terminal and 
second correspondent being a server. 

1 6. A method of authenticating a pair of correspondents C,S to permit the exchange 
1 0 of information therebetween, each of said correspondents having a respective private 

key, l\ d and a public key, Q u and O s derived from a generator element of a group and a 
respective ones of said private keys e.d, said method comprising the steps of: 

i. a first of said correspondents C generating a session value x\ 
1 5 sai d first correspondent generating a private value f, a public value 

derived form said private value / and said generator and a shared secret 

value derived from said private value t and said public key Q s of said 

second correspondent; 
iii. said second correspondent generating a challenge value y and 
20 transmitting said valuer to said first correspondent; 

tv. said first correspondent in response thereto transmitting said challenge 

value v, said session value .v, said public value an of said first 

correspondent; and 

v. said second corresponding verifying a corresponding stored identity to 
25 thereby verify said first correspondent. 

1 7. A method of authenticating a pair of correspondents CS to permit exchange of 
information therebetween, each of said correspondents C,S having a respective private 
key e,d and a public key Q u and Q s derived from a generator P and a respective ones of 

30 said private keys e,d, a list of said correspondents C having a unique identification 
information ID U stored therein, said a second of said correspondent a including a 

13 



BNSOOCICh <WO 9S51032A2 I > 



SUBSTITUTE SHEET (RULE 26) 



WO 98/51032 



PCT/CA98/00418 



memory for storing public keys of one or more of said first correspondents, said 
method comprising steps of: 

a ) said second of said correspondents generating a random value y upon initiation 
of a transaction between said correspondents; 

b) said second correspondent S forwarding to said first correspondent C said value 

y; 

c) said first correspondent C generating a first random number x and computing a 
public session key tP from a private key t; 

d) said first correspondent C generating a message H by combining said first 
, r , random number x, said value y, said public session key tP and said unique 

identification information ID U and computing a signature S e of said message H; 

e) said first correspondent C transmitting said signature S c , said public session key 
tP. said value x and said identification ID U to said second correspondent; 

f) said second correspondent upon receipt of said message from said previous step 
(Q) retrieving said public key Q u of said first correspondent from said memory 
using said received identification information ID U ; and 

g) said second correspondent verifying said received signature using said 
recovered public key Q u and verifying said message H and computing a shared 
secret key d(tP), whereby both said correspondents may calculate a shared 
secret key k by combining the computed secret tQ s = d(tP) with said first 
random number x and said random value y, said key K being utilized in 
subsequent transactions between said correspondents for a duration of said 
session. 



14 



SUBSTITUTE SHEET (RULE 26) 



WO 98/51032 



PCT/CA98/00418 



THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE 
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS: 

1 . A method of authenticating a pair of correspondents C,S to permit the exchange 
of information therebetween, each of said correspondents having a respective private 
key, e. d and a public key, Q u and Q s derived from a generator element of a group and a 
respective ones of said private keys e.d, said method comprising the steps of: 

i. a first of said correspondents C generating a session value x\ 

ii. said first correspondent generating a private value /, a public value 
derived from said private value / and said generator and a shared secret 
value derived from said private value / and said public key O s of said 
second correspondent; 

iii. said second correspondent generating a challenge value y and 
transmitting said challenge valuer to said first correspondent; 

iv. said first correspondent in response thereto computing a value h by 
applying a function H to said challenge valuer said session value .v. 
said public value an of said first correspondent; 

v. said first correspondent signing said value h utilizing said private keye; 

vi. said first correspondent transmitting to said second correspondent said 
signature including said session value x. and said private value t: and 

vii. said second correspondent verifying said signature utilizing said public 
key Qu of said first correspondent and whereby verification of said 
signature authenticates said first correspondent to said second 
correspondent. 

2. A method as defined in claim 1, including said second correspondent computing 
said shared secret value by utilizing its private key d and said public value and said first 
and second correspondents computing a session key k derived from said shared secret, 
said session value x and said challenge value y. 
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3. A method as defined in claim 1, said signature forwarded by said first 
correspondent includes an identification ID lt of said first correspondent. 

4. A method as defined in claim 1 , said first correspondent including a general 
purpose computer and a signature module for computing said signature. 

5. A method as defined in claim 4, said private and public keys of said first 
correspondent being embedded within said signature module and said private key being 
accessible by a signature function. 

6. _ A method as defined in claim 5, said identification ID U being stored within 
said general purpose processor. 



7. A method as defined in claim 1 , said public value being a Diffie-Hellman public 
1 5 value. 

8. A method as defined in claim 1, said group being an elliptic curve group E (Fg) 
and said generator element being a point P on said elliptic curve. 

20 9. A method as defined in claim 1, said second correspondent utilizing said 
identification ID U for retrieving said public key Q u from a database. 

10. A method as defined in claim 9, said session key k including a usage code 
value for specifying a transaction type in a given session. 



25 



11. A method as defined in claim 1 , said function H being a hash function. 



12. A method as defined in claim 1, including transmitting a verifiable message 
between said correspondents by appending thereto a data encryption standard 

30 authentication code using said computed session key. 

13. A method as defined in claim 1, said group being an elliptic curve group EiFf 1 ) 

12 
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unique number (x) and the Diffie-Hellman public value (tP). In contrast to the 
embodiment shown in figure 2. where the response includes the signature component. 

As previously shown, ID U will be checked in the database. If it exists, the server 
now knows that it is communicating with a legitimate P-ATM. The transaction number 
5 x may be verified unique if possible (for example, if x is a transaction number, make 
sure it is larger than the last transaction number). The Diffie-Hellman shared secret tO s 
will be computed from the transmitted value tP using the server's private key d. From 
the shared secret and both the server and P-ATM session-unique values a session key is 
derived: 

10 A^SHA(x||^(^)||/D, / || ,, ^C") or fENC n or both or null. 

This completes the secure call establishment as is more clearly seen with reference to 
figure 5(a). 

Once a secure call has been established between the P-ATM and the server, 
transaction messages in either direction can now be made verifiable by appending a 

1 5 DES MAC using the computed session key shown in figure 5(b) and 5(c). 

Alternatively, messages can be made private by encrypting them with that key instead 
of MACing them. If only authentication is required, the message recipient must 
recompute the MAC from the message and accept it only if the MACs agree. If 
encryption is desired, the plaintext message must be decrypted from the ciphertext 

20 message received or both. 

In the case of P-ATMs not manufactured with SAM modules it is still necessary 
to perform P-ATM to server binding to issue the appropriate server public key to the P- 
ATM and to issue the P-ATM ID to the appropriate server. Both of these actions must 
be done securely. As with the SAM module P-ATM previously described, two 

25 methods of key distribution may be implemented. The two phase public key 

distribution method, as shown in figure 6, once again assumes that a key distnbution 
server (KDS) exists which issues binding information to the appropriate server for each 
P-ATM. The P-ATMs are preloaded with a server authentication key (SAK) generated 
by the KDS at manufacture time. The KDS uses the same triple-DES key to generate 

30 unique SAKs for all P-ATMs. 

Alternatively, a single phase symmetric key distribution method is illustrated in 
figure 7. The P-ATMs are preloaded with a unique (DES) server authentication key 
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(SAfC) at manufacture time. This key will authenticate the server public key the first 
time a connection is established. A connection must be established from the KDS to a 
server for each P-ATM being bound to that server. The KDS maintains a solitary 
tnpie-DES key with which the P-ATM server authenticating keys (SAKs) are 
5 generated. This key distribution then proceeds similarly to that described with 
reference to the embodiment shown in figure 4. 

While the above protocols have been described with reference to specific 
embodiments thereof and in a specific use, various modifications thereof will occur to 
those skilled in the art without departing from the spirit of the invention. For example, 

1 0 other symmetric key schemes, instead of DES and triple DES, may be implemented, 
similarly equivalent hash functions, possibly derived from DES may be implemented 
instead of SHA1. The protocols provide secure generation and loading of keying 
material at both the time of manufacture of the P-ATM and the initial communication 
with its assigned server. They also provide mutual authentication of the P-ATM and 

1 5 server on a per session basis. 
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signacure functions. The public key O u can be read by the P-ATM. The P-ATMs are 
preloaded with a public key O u of the KDS at manufacture time. A connection must be 
established once from each P-ATM to the KDS in order to bind that P-ATM to the 
appropriate server. A connection must be established from the KDS to the server for 
each P-ATM being bound to that server. 

Consider the initial state of the three distinct entities: KDS 20, P-ATM 10, and 
server 1 8. The KDS is installed and constructs its key pair (d k , Q k ) prior to the 
manufacture of P-ATMs. Each P-ATM is manufactured with a SAM containing the 
key pair (d ttt 0„), and with the KDS public key O k embedded within its ROM. At some 
time in the future, the server 1 8 is installed and constructs its private, public key pair 
(4v, Q s ). When this occurs, the KDS is informed of the server's public key (Q s ) and any 
localization information about the server (service type, geographic coverage, etc.). 

Once a P-ATM is delivered to the customer it must be bound to a server before 
it can be used for its intended purpose. This is accomplished by first establishing a 
1 5 connection from the P-ATM 10 to the KDS 20. This can be done using the same 
communications mechanisms, protocols, and cryptography as a P-ATM-to-server 
connection. Once this connection is established, the P-ATM can issue its public key Q u 
to the KDS 20 and the KDS 20 can issue the appropriate server's public key O u to the 
P-ATM 10. The appropriate server is determined by the application in which the P- 
20 ATM 10 is to be used. For example, it could be a function of where the P-ATM was 
purchased. Specification of the intended function for the P-ATM could be either 
inband or out of band. 

Subsequent to this connection, the P-ATM now knows the server to which it 
will make a connection. The server must be informed of the new P-ATM that it must 
25 recognize. This can be done by the KDS making a secure connection with the server 
(again, using the same P-ATM-to-server protocol) as if it were a P-ATM. The new 
binding information may conveniently be stored in a database within the server and is 
then integrated into the server's world-view. This database update connection can 
occur either as a batch operation at the end of each week, in real-time on a per binding 
30 basis, or at some time in between these extremes. 

In another embodiment, a single phase symmetric key distribution method is 
described with reference to figure 4. In this embodiment as with the previous 
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embodiment, the SAM modules are pre-keyed by the SAM manufacturer. The private 
key d u can only be accessed by the signature function. The public key Q u can be read 
by the P-ATM. The P-ATMs are preloaded with a unique (DES) server authentication 
key (SAK) at manufacture time. This key will authenticate the server public key Q s the 
5 first time a connection is established to the P-ATM. A connection must be established 
to a server for each P-ATM being bound to that server. The KDS 20 maintains a 
solitary triple-DES key K v with which the P-ATM server authenticating keys (SAKs) 
are generated. 

Consider the initial state of the P-ATM 10 and server 1 8. Each P-ATM is 

1 0 manufactured with a SAM containing the key pair (d Ul Q u ), and with a unique identifier 
ID;;: During manufacture, each P-ATM's identity defined by its unique identifier ID U 
and public key Q u (ID tl9 Q u ) is encrypted under the triple-DES key K v to produce a SAK 
= TDESl (ID U , O s ). Each P-ATM obtains a unique SAK because the P-ATM 
identities are all distinct. At some time in the future, a client server is installed and 

1 5 constructs its key pair (d s , Q s ). When this occurs, the KDS 20 is informed of the 

server's public key (O s ) and any localization information about the server (service type, 
geographic coverage, etc.). 

Once a P-ATM is delivered to the customer it must be bound to the server 
before it can be used for its intended purpose. Registering the P-ATM device with the 

20 KDS binds the P-ATM to the appropriate server. In order to notify the server of the 

newly legitimized P-ATM, that server is sent the P-ATM's identity ID U and public key 
Qu'r in order for the P-ATM to accept the server as legitimate the first time a 
connection is established, the P-ATM's identity and server's public key Q s are 
encrypted with the P-ATM's SAK (ESK = DES^ k (ID tlt O s )) and sent to the server as 

25 an update to its database. This transport can be easily used to protect server updates. 

The server will issue the encrypted key to the P-ATM where it is verified using 
the SAK as shown in figure 4(b). The SAK need not be securely stored at manufacture 
time for this purpose; it is possible to reconstruct the SAK using the ID and public key 
of the P-ATM and the triple-DES key which only the KDS has. 

30 In another embodiment, the P-ATM may not have a SAM module embedded 

within it. In this case, as shown in figure 5(a), the P-ATM's response to the server's 
4 \vho-are-you?" challenge will include its identification string (ID lt ) and its transaction- 
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server, once it receives a call request from the P-ATM, will generate a random session 
value y and queries the identity of the P-ATM. 

Generally, when the P-ATM establishes a call to the server, the server will 
generate a "who-are-you?" challenge to the P-ATM. The P-ATM's response to the 
5 server's "who-are-you?" challenge will include the following information: its serial 
number and/or equivalent identification string (ID U ) (this will be used for public key 
lookup at the server); the session unique number (x) (this must be a statistically unique 
number but not necessarily non-deterministic); the Diffie-Hellman public value (tP); 
and a signature S c (h) of the hash h " SHA( y\\ x \tP\lD u ) signed by the private 

10 key e of the SAM. The P-ATM will thus send (/D„, x, lP 9 S e (h)) to the server. The 
SHA is generally an SHA-1 hash function. 

At whatever point tP is computed (just prior to the call, several sessions 
previous, or as a one time computation), it is also necessary to compute /Q s . 

At the server, ID„ will be used to look up Q u from a database of stored public 
1 5 keys of literally thousands of P-ATMs. The value x may be verified to be unique if 
possible (for example, if x is a transaction number, make sure it is larger than the last 
transaction number). The values tP, and ID U will be used to reconstruct the hashed 
message h = SH A( y\\ x \\tP\\lD u ). The hash h will then be used to verify the signature 
using the public key Q u recovered from the database. Assuming all is successful, the 
20 server now knows that it is communicating with a legitimate P-ATM. 

The server must now construct the Diffie-Hellman shared secret tO s . This is 
done with its private key d to compute: 

tQs =d(jP\ 

From the shared secret d(tP) and both the server and P-ATM session-unique 
25 values y and respectively, a session key k is derived from a hash of (<*(//>) || usage 
code), were the usage code may be a string specifying "MAC" or "ENC," or if only 
one. then it is set to null. The user of the P-ATM would decide whether to use "MAC" 
or "ENC," e.g. for transactions over $1000 - use "ENC" or use "MAC," otherwise: 

K = SHA(d(tP)\\x\\y I MAC') or \\" ENC" . 

5 
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Set up by a user profile for example stored in the cash card when it is issued by the 
institution. 

Transaction messages in either direction can now be made verifiable by 
appending a data encryption standard message authentication code (DES MAC) using 
5 the computed session key K MAC as shown in figure 2(b). Alternatively as shown in 
figure 2(c), messages can be made private by encrypting them with the key K EN c 
instead of MACing. If only authentication s required, the message recipient must 
recompute the MAC from the message and accept it only if the MACs agree. If 
encryption is desired, the plaintext message must be decrypted from the ciphertext 

1 0 message received. If both encryption and verification is required, then both encryption 
and:MACing may be employed as shown in figure 2(d). With the above protocol, it 
may be seen that service storage, computation and speed constraints of the P-ATM are 
overcome since it performs relatively simple operations. For example, the computation 
of a hash is relatively easy, whereas the dedicated SAM performs the signature 

1 5 function. Similarly, the verification of the DES MAC is relatively easy for the P-ATM 
to perform. Thus, security is achieved by the P-ATM and server computing and using a 
shared secret that ensures the accuracy of each session. 

Turning now to figure 3. as outlined earlier, in order to simplify the 
manufacturing process for P-ATMs, the mapping of P-ATMs to their servers is 

20 unknown until the customer purchases a device. It is anticipated that servers may 
service in the order of 100,000 P-ATMs. To perform P-ATM to server binding it is 
t necessary to issue the appropriate server public key Q s to the P-ATM and to issue the 
P-ATM public key Q u and identity information ID U to the appropriate server. Both of 
these actions must be performed securely. This may be achieved by either a two phase 

25 method using public key cryptography which uses the previously defined secure 

protocol for P-ATM to server messaging or a one phase method using symmetric key 
cryptography. 

A two phase public key distribution method is described with reference to figure 
3. In this embodiment, a key distribution server (KDS) 20 exists, as shown in figure 1, 
30 which is used to bind P-ATMs 10 to their long-term servers 18. The SAM modules 12 
within the P-ATMs 10 ate pre-keyed with their private key e and public key Q u by the 
SAM manufacturer. The private key e can only be accessed from within the SAM by a 
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first random number x and said random value y, said key K being utilized in 
subsequent transactions between said correspondents for a duration of said 



session. 



Also, this aspect of the invention provides for apparatus for carrying out the 



10 



15 



20 



25 



method. Such an apparatus can comprise any computational apparatus such as a 
suitably programmed computer. 

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other features of the present invention will become more apparent 
from the following description of preferred embodiments of the invention, which are 
described by way of example, only, with reference to the accompanying drawings in 
which like elements have been assigned like numbers and wherein: 

Figure 1 is a schematic diagram of P- ATM server configuration; 

Figures 2 (a), (b), (c) and (d) are schematic diagrams of an authentication 
protocol between a server and a personal ATM; 

Figures 3 (a), (b) and (c) are schematic diagrams of a two phase public key 
distribution system; 

Figures 4 (a) and (b) are schematic diagrams of a single phase symmetric key 
distribution system; 

Figures 5 (a), (b) and (c) are schematic diagrams showing a protocol for 
establishing a secure session without a sign only module; 

Figure 6 is a further embodiment of a two phase public key distribution system; 

and 

Figure 7 is a further embodiment of a single phase symmetric key distribution 



DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT 

Referring to figure 1, a personal ATM (P-ATM) 10 has sign only module 
(SAM) chip 12, such as a SC27 or SC46, embedded therein. The P-ATM also includes 
an 8058 8-bit processor chip 14 which is only capable of performing simple 
calculations due to its low processing power. The SAM module generally has elliptic 
curve (EC) sign-only capabilities and is generally available in "smart-cards" and the 
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like. The P-ATM 10 is connected via a suitable communication channel 17 to a service 
server 18. A cash card 16 may be used to access services provided by the server 18 via 
the P-ATM 10. 

Message exchange between the P-ATM 1 0 and the server takes place using 
5 public key encryption. For the sake of clarity, the following terms which are used in 
the following description, are defined: 

P - A generator point on an elliptic curve. 

ID U - A string that uniquely identifies the P-ATM 10 ? this string is 
stored within the 8058 firmware. 
10. e, On - A private (signature) and public keys of the SAM embedded 

within a P-ATM device. The public key Q u is obtained from the private 

key e. 

Qs - Private and public keys of the server 18. 
x - A session random value generated by a P-ATM device. 
15 y - A session random value generated by the server 1 8. 

A/- A plaintext message of arbitrary content in either direction between 
the P-ATM and server. 

SHA(A/) - The hash of a message M using SHA-1 . 
DES l K (M)~ The ciphertext generated by encrypting plaintext M with 
20 DES using a key K. 

DES "(E)- The plaintext generated by decrypting ciphertext E with 
"'- * DES using a key K. 

S e (M) - A signature generated by signing message M with private key e. 
t - A Diffie-Hellman private value generated by the P-ATM used to 
25 generate a shared secret tQ s . The value of t may be precomputed and/or 

reused over multiple sessions. 
Referring now to figure 2 (a), it is assumed that the SAM, the P-ATM and the 
server have already been initialized with the appropriate parameters. This will be 
discussed later. A session is established by the P-ATM initiating a call to the server on 
30 the request of a user. For each session, the P-ATM generates a random session unique 
value x and computes tP (the Diffie-Hellman shared secret) and tO s . The value / is the 
Diffie-Hellman private value used to generate the eventual shared secret tQ s . The 

4 
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TWO WAY AUTHENTICATION PROTOCOL 

This invention relates to a protocol for verifying parties in a transaction and. in 
particular, cryptographic protocols for providing secure personal ATM transactions 
5 between an electronic device and a server and in which the protocols are based on a 
public key algorithm. 



BACKGROUND OF THE INVENTION 

With advent of electronic commerce, the use of cash in financial transactions in 

1 0 becoming less popular, in favour of electronic wallets. Typically, a financial institution 
will issue its customers with a personal ATM device (P-ATM) and an electronic cash 
card. The user then uses the electronic cash card, which stores a cash amount thereon, 
in various financial transactions. The cash card communicates with the financial 
institution's central server via the personal ATM. Because there is less control 

1 5 exercised by a financial institution on a P-ATM than a regular ATM installed, for 

example, at a bank site, it is necessary for the P-ATMs to be authenticated both by the 
issuing financial institution as well as by the cash card user in addition to the usual 
verification of the cash card used by the institution and sometimes vice versa. 

In order to simplify the manufacturing process for personal ATMs, the mapping 

20 of a P-ATM's cryptographic parameters to a server is unknown until the customer - 
purchases the P-ATM device. To perform P-ATM to server binding, it is necessary to 
issue the appropriate server public key to the P-ATM and to issue the P-ATM public 
key and ID to the appropriate server. Both of these actions must be done securely. The 
difficulty in the authentication presented by this type of application is that the cash card 

25 must trust the server and vice versa. Thus, it is necessary that the server then verify the 
P-ATM and vice versa. Once the server and the P-ATM trust each other, the user can . 
then use the cash card with the ATM with relative confidence. Furthermore, these 
verifications must be performed relatively quickly. Thus, there is a need for a 
verification and authentication protocol that meets the needs of this type of transaction. 

30 SUMMARY OF THE INVENTION 

This invention seeks to provide a verification and authentication protocol that 
enables at least one party in at least a three party transaction to be authenticated by the 
remaining parties. 
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Furthermore this invention seeks to provide an authentication protocol in a 
cash-card, personal ATM and server transaction. 

This invention also seeks to provide a key distribution method for personal 
ATM's and the like. 

In accordance with an aspect of the invention there is provided a method of 
authenticating a pair of correspondents C,S to permit exchange of information 
therebetween, each of said correspondents C,S having a respective private key e,d and a 
public key Q u and Q s derived from a generator P and a respective ones of said private 
keys e.d, a list of said correspondents C having a unique identification information ID U 
stored therein, said a second of said correspondent a including a memory for storing 
public keys of one or more of said first correspondents, said method comprising steps 
of: 

a ) said second of said correspondents generating a random value y upon 
initiation of a transaction between said correspondents; 

b) said second correspondent S forwarding to said first correspondent C said 
value y; 

c) said first correspondent C generating a first random number x and 
computing a public session key tP from a private key t; 

d) said first correspondent C generating a message H by combining said first 
random number x, said value y, said public session key tP and said unique 
identification information ID U and computing a signature S e of said message 
H; 

e) said first correspondent C transmitting said signature S e , said public session 
key tP, said value x and said identification ID U to said second correspondent; 

0 said second correspondent upon receipt of said message from said previous 
step (Q) retrieving said public key Q u of said first correspondent from said 
memory using said received identification information ID U ; 

g) said second correspondent verifying said received signature using said 
recovered public key Q u and verifying said message H and computing a 
shared secret key d(tP), whereby both said correspondents may calculate a 
shared secret key k by combining the computed secret tQ s = d(tP) with said 

2 
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